Home / Spyware Help / BBC Ransomware Removal Guide

BBC Ransomware Removal Guide

by 0 Comments

Do you know what BBC Ransomware is?

You can confirm the existence of BBC Ransomware on your Windows operating system by checking the names of your personal files. They should have the “.[{ID code}].[0x1service@protonmail.com].bbc” extension appended. In fact, the threat has not named itself, and researchers who discovered it first, gave it the name that is based on the appended extension. Our research team recognizes this malware as Phobos.A Ransomware too, and that is because it is part of the group of file-encrypting threats that have been built using the Phobos Ransomware code. Other threats that were built using it include Dewar Ransomware, Devos Ransomware, Devil Ransomware, Eight Ransomware, and so on. Of course, we advise that victims of these threats focus on their removal first and foremost, but things are not so simple. If you need to delete BBC Ransomware, it is likely that you are more worried about file decryption.

If BBC Ransomware managed to slither into your operating system, there is a good chance that you let this threat in by leaving your operating system exposed. Postponing updates, installing unfamiliar software, and opening attachments or links sent via email and instant messaging could all be exploited for malware execution. After this, BBC Ransomware is quick to encrypt your personal files. Of course, it does not want your system to crash, which is why it leaves system files alone, but all personal files (except for .com and .mpg files) in %USERPROFILE%, %APPDATA%, %HOMEDRIVE%, and %PROGRAMFILES% directories are encrypted. The aforementioned extension is added to mark the corrupted files. These files cannot be read because the data is scrambled to lock them. Your files are not damaged or removed, they are simply locked, but only a special key can unlock them. At the time of research, decryption keys that were proven to work did not exist.BBC Ransomware Removal GuideBBC Ransomware screenshot
Scroll down for full removal instructions

The effectiveness of the decryptor promoted by the attackers behind BBC Ransomware has not been proven either. In fact, we do not even know if a tool like that exists at all. The “info.txt” and “info.hta” ransom note files that the infection drops on the Desktop suggest that you can have all files decrypted only if you pay an unspecified ransom. To learn how to pay it, you are instructed to send a unique ID code (included in the message and the extension) to 0x1service@protonmail.com or 0x1service@airmail.cc. Note that if you do this, you willingly expose yourself to cybercriminals. If you pay the ransom, you are likely to lose money for nothing. The thing is that the attackers behind BBC Ransomware cannot be held accountable, and they can do whatever they want after they receive your payment for file decryption. More likely that not, the attackers would put the money in their pocket and forget about you or your files.

Have you ever created copies of your files? If you have, where are they stored? If they can be found on another computer, an external drive, or a virtual cloud, after you remove BBC Ransomware, you should have no trouble replacing the corrupted files. This appears to be your only hope. If you do not have copies, perhaps you can recover at least some of the most important photos, videos, and documents that you might have shared with your friends or posted online. First and foremost, you have to remove the infection. Whether or not you are able to do it manually, we advise implementing anti-malware software that would automatically eliminate BBC Ransomware and also completely secure your entire Windows operating system. Keep in mind that full protection is important if you do not want to face new infections ever again.

How to delete BBC Ransomware

  1. Right-click and Delete the info.txt from the Desktop.
  2. Right-click and Delete the info.hta from the Desktop.
  3. Simultaneously tap Win+E keys to launch File Explorer.
  4. Enter the following paths into the field at the top one by one:
    • %TEMP%
    • %USERPROFILE%\Desktop
    • %USERPROFILE%\Downloads
  5. If you find and identify malicious files, Delete them all.
  6. Exit File Explorer and then Empty Recycle Bin.
  7. Perform a full system scan using a trusted malware scanner.

In non-techie terms:

BBC Ransomware is a threat that encrypts files and then drops its own files that are used to demand a ransom payment. If you contact the attackers and then pay the ransom, they are unlikely to assist you with file decryption. Therefore, we do not recommend paying the ransom or even sending emails. What we recommend doing is removing BBC Ransomware, which is easiest to handle with the help of trusted anti-malware software. Install it, let it perform a full system scan, and then use it to delete all found threats. Keep it up-to-date if you want your operating system protected against malware at all times.